Re: Tor from Rails

I'm not sure I understand your question, do you mean:a: making anonymous POST requests to your application itself?b: your application making anonymous requests to another website?c: anonymizing your application by hosting it on the tor network?

There are a few gems that run commands on the command line from your rails app. Cocaine from thoughtbot is the one I can remember off the top of my head. https://github.com/thoughtbot/cocaine

There's a few things you should consider with all this though: - Anonymity is very difficult on the internet. Pay special attention to the security of your app. You can encrypt the connections all you want, but if there's an Mass Assignment vuln in your app for example, all that encryption is worthless. - If you a wanting to do option b, you MUST have the permission of the site you're making requests to. It's not right to fake users and will probably get your IP address blocked by the site. Even if you have legitimate users doing legitimate things on the site in question, you WILL look like a bot or spammer in the server logs, because you're basically functioning as a proxy server in that case. If you're doing some non-ethical stuff on the site, even more so. - Implement a firewall on your web server. While it's not specifically related to your question, implementing a firewall and good logging on your server is key for keeping your site secure. Something like pfSense is a good standalone firewall, or iptables of course. - If all you wanted to do was option b, a proxy server would be your best option instead of a rails application. I won't tell you how to set one up though.

Change is a vector. You can have all the change in the world, but if it doesn't go in the right direction, what good is it? | techonamission.com